U.S. officials discovered that Russian hackers stole thousands of sensitive emails from the State Department during the now infamous SolarWinds hack.
In the latest round of revelations from one of the most brazen cyber espionage operations against the U.S. in history, Politico revealed that Russian hackers got access to the State Department’s email system.
More specifically, Russian hackers got access to the emails from the State Department’s Bureau of European and Eurasian Affairs and Bureau of East Asian and Pacific Affairs. According to the reports, investigators are still trying to determine if the Russian hackers got access to the classified network and if the hack was part of the bigger SolarWinds operation.
U.S. officials are still trying to determine the damage caused by the unprecedented SolarWinds hack that took place throughout several months last year. While the US intelligence community and the Pentagon’s Cyber Command were working hard to prevent another bout of meddling in the Presidential election like the one that took place in 2016, Russian and Chinese hackers focused their efforts on less defended parts of the American cyber armor by using vulnerabilities in the SolarWinds software that was employed by dozens of agencies and departments and scores of private companies.
“Several federal agencies have been hacked in the last year,” Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger said about the hack. “As part of the Administration’s SolarWinds review, we discovered broad gaps in cybersecurity defenses across federal agencies. We identified five specific cybersecurity modernization areas, assessed agencies against them, and are implementing a Build Back Better plan to rapidly fund and roll out these technologies to remediate vulnerabilities and modernize our cybersecurity approach.”
To be sure, this isn’t the first major cyber-espionage operation against the US. In the last few years, there has been a series of increasingly audacious operations by both the Chinese and Russians. For example, in the early 2010s, Chinese hackers broke into the Office of Personnel Management (OPM) and stole millions of security clearance files from government employees, including current and former intelligence officers. Then in 2016, the Intelligence Community determined that the Russians had used innovative ways to disrupt the Presidential Election.
“We can’t always disconnect completely from cyber, but we can minimize what our signature looks like online,” a subject matter expert on digital security with a joint special operations and intelligence background from the Signature Management Unit, a digital security and consulting firm that specializes in privacy removals, told Sandboxx News.
“For example, we can’t very well stop hackers from targeting the electric grid, but we can prepare offline to ensure we’ve got enough food, water, and other emergency supplies should an event turn catastrophic. We can’t very well defend our financial institutions or other companies from Chinese hackers, but we can know what to do when that inevitably occurs, and our personal information is leaked online (along with that of millions of others). All of this is to say that maintaining an understanding of your online privacy and digital security is an individual responsibility—all else is supplemental.”
In response to the Chinese involvement in the SolarWinds hack—which doesn’t appear to have been coordinated with Russia, by the way—the US blacklisted five major Chinese telecommunications giants. It now remains to be seen if similar action will be taken against the Russian government or Russian entities.